CVE-2025-40805

Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-001536.html
https://cert-portal.siemens.com/productcert/html/ssa-014678.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Los dispositivos afectados no aplican correctamente la autenticación de usuario en puntos finales de API específicos. Esto podría facilitar que un atacante remoto no autenticado eluda la autenticación y suplante la identidad de un usuario legítimo. La explotación exitosa requiere que el atacante haya aprendido la identidad de un usuario legítimo.

13 Jan 2026, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-13 10:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-40805

Mitre link : CVE-2025-40805

CVE.ORG link : CVE-2025-40805

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2025-40805", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "productcert@siemens.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-13T10:15:58.047", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-001536.html", "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-014678.html", "source": "productcert@siemens.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user."}, {"lang": "es", "value": "Los dispositivos afectados no aplican correctamente la autenticaci\u00f3n de usuario en puntos finales de API espec\u00edficos. Esto podr\u00eda facilitar que un atacante remoto no autenticado eluda la autenticaci\u00f3n y suplante la identidad de un usuario leg\u00edtimo. La explotaci\u00f3n exitosa requiere que el atacante haya aprendido la identidad de un usuario leg\u00edtimo."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "productcert@siemens.com"}